The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Login via JSON Web Token
#1
Hello all,

Hoping you all will be able to help with this.

The website I am developing is using Userspice. The website; however, is a part of a larger organization that requires logins to be handled by their central server via a JSON Web Token. After the login is successful, it passes the user's email, username, and a few other JSON fields back to our Userspice website. The email and username that is passed back from the central server will need to be verified with our Userspice user database, and if there is a match, a session will be created.

I was wondering how to go about this? I begun messing with the User.php file, but had issues editing the loginEmail function. I attempted to remove the password verification to just do it solely off of the email passed back to the website and it did not work:

<pre>
Code:
public function logincentral ($email = null){

        if (!$email && $this->exists()) {
            Session::put($this->_sessionName, $this->data()->id);
        } else {
            $user = $this->find($email);

            if ($user) {
                    Session::put($this->_sessionName, $this->data()->id);

                    $date = date("Y-m-d H:i:s");
                    $this->_db->query("UPDATE users SET last_login = ?, logins = logins + 1 WHERE id = ?",[$date,$this->data()->id]);
                    $this->_db->query("UPDATE users SET last_confirm = ? WHERE id = ?",[$date,$this->data()->id]);
                    $ip = ipCheck();
                    $q = $this->_db->query("SELECT id FROM us_ip_list WHERE ip = ?",array($ip));
                    $c = $q->count();
                    if($c < 1){
                        $this->_db->insert('us_ip_list', array(
                            'user_id' => $this->data()->id,
                            'ip' => $ip,
                        ));
                    }else{
                        $f = $q->first();
                        $this->_db->update('us_ip_list',$f->id, array(
                            'user_id' => $this->data()->id,
                            'ip' => $ip,
                        ));
                    }
                    return true;
            }
        }
        return false;
    }
</pre>


The login page is as follows, after getting the JSON fields:
<pre>
Code:
$user = new User();
$login = $user->loginULS($controller_email);
</pre>


I am not getting any data back in the $login variable. Any help would be greatly appreciated. Thank you!
  Reply
#2
I'm just formulating this in my dead on the go.

I would duplicate login.php into usersc and call a redirect on that which sends the user to the Authentication Server.

On return, I would have a particular callback URL, eg login_callback.php in usersc that would handle the actual login and return from JSON.

The session creation should be easy, if you take a look at the most recent Update, it contacts a cloaking feature, take a look at that code and it will give a good example on session creation.

Sorry I wasn't able to come up with a plug and play solution, without really understanding the complete project, it would be hard for me to pull some code together for you.
  Reply
#3
Thank you, Brandin! The recent update looks super helpful and exactly what I need.

I'll give it a shot with the update's code and if I still can't get it, I'll post more documentation/the project for more assistance.

Appreciate it and Happy New Year!
  Reply
#4
My pleasure. I'd love to know how this works out for you, so keep me updated. Feel free to join us in Discord!

https://userspice.com/forums/topic/users...rd-server/

Happy New Year to you as well!
  Reply
#5
Hello Petey.

I have a similar challenge: a client authenticates via API.

How did you solve this problem?
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)